Kaltura (KLTR) Risk Analysis

The markets in which we compete are characterized by rapid technological change, frequent introductions of new products, services, features and capabilities, and evolving industry standards and regulatory requirements. Our ability to grow our customer base and increase our revenue will depend in significant part on our ability to develop or otherwise introduce new products and solutions; develop or otherwise introduce new features, integrations, capabilities, and other enhancements to our existing offerings on a timely basis; interoperate across an increasing range of devices, operating systems, and third-party applications; and determine the right focus and prioritization, both in terms of our products roadmap and business focus. The success of any new products or solutions, or enhancements to our existing offerings, will depend on a number of factors including, but not limited to, the timeliness and effectiveness of our research and product development activities and go-to-market strategy, our ability to identify the appropriate technological development paths, our ability to anticipate customer needs and achieve market acceptance, our ability to manage the risks associated with new product releases, the effective management of development and other spending in connection with the product development process, and the availability of other newly developed products and technologies by our competitors and by any other third parties that may introduce disruptive technologies. In addition, in connection with our product development efforts, we may introduce significant changes to our existing products or solutions, or develop or otherwise introduce new and unproven products or solutions, integrate new technologies such as AI models, including technologies with which we have little or no prior development or operating experience. This risk is amplified as we invest more heavily in AI-based technologies that rely on advanced algorithms and third-party large language models, potentially exposing us to new, and potentially novel, trade secret misappropriation or intellectual property disputes. These new products, solutions and updates may not perform as expected, may fail to engage our customer base or other end users of our products, or may otherwise create a lag in adoption of such new products. New products may initially suffer from performance and quality issues that may negatively impact our ability to market and sell such products to new and existing customers or harm our reputation. We have in the past experienced bugs, errors, or other defects or deficiencies in new products and product updates and delays in releasing new products, deployment options, and product enhancements and may have similar experiences in the future. As a result, some of our customers may either defer purchasing our offerings until the next upgrade is released or switch to a competitor if we are not able to keep up with technological developments. To keep pace with technological and competitive developments we have in the past invested, and may in the future invest, in the acquisition of complementary businesses, technologies, services, products, and other assets that expand our offerings. We may make these investments without being certain that they will result in products or enhancements that will be accepted by existing or prospective customers or that will achieve market acceptance or successfully integrate with our existing products. The short- and long-term impact of any major change to our offerings, or the introduction of new products or solutions, is particularly difficult to predict. If new or enhanced offerings fail to engage our customer base or other end users of our products, or do not perform as expected, we may fail to generate sufficient revenue, operating margin, or other value to justify our investments in such products, any of which may adversely affect our reputation and negatively affect our business in the short-term, long-term, or both. If we are unable to successfully enhance our existing offerings to meet evolving customer requirements, increase adoption and use cases of our offerings, develop, or otherwise introduce new products and solutions and quickly resolve security vulnerabilities or other errors or defects, or if our efforts in any of these areas are more expensive or involved than we expect, our business, financial condition, and results of operations would be adversely affected.

Our success depends to a significant degree on our ability to protect our proprietary technology, methodologies, know-how, and brand. We rely on a combination of trademarks, copyrights, patents, trade secret laws, contractual restrictions, and other intellectual property laws and confidentiality procedures to establish and protect our proprietary rights. However, we make a version of our Media Services, Kaltura CE, available to the public at no charge under an open source license, contribute other source code to open source projects under open source licenses, and release internal software projects under open source licenses, and anticipate continuing to do so in the future. Because the source code for Kaltura CE and any other software we contribute to open source projects or distribute under open source licenses is publicly available, our ability to monetize and protect our intellectual property rights with respect to such source code may be limited or, in some cases, lost entirely. Our competitors or other third parties could access such source code and use it to create software and service offerings that compete with ours. While software can, in some cases, be protected under copyright law, in order to bring a copyright infringement lawsuit in the United States, the copyright must first be registered. We have chosen not to register any copyrights, and rely on trade secret protection in addition to unregistered copyrights to protect our proprietary software. Accordingly, the remedies and damages available to us for unauthorized use of our software may be limited. Further, the steps we take to protect our intellectual property and proprietary rights may be inadequate. We may not be able to register our intellectual property rights in all jurisdictions where we conduct or anticipate conducting business, may experience conflicts with third parties who contest our applications to register our intellectual property, and may choose to register intellectual property rights providing insufficient coverage. Even if registered or issued, we cannot guarantee that our trademarks, patents, copyrights or other intellectual property or proprietary rights will be of sufficient scope or strength to provide us with any meaningful protection or commercial advantage. Furthermore, in such case our copyrights, patents or other intellectual property rights would be made public without assuring adequate protection. We will not be able to protect our intellectual property and proprietary rights if we are unable to enforce our rights or if we do not detect infringement, misappropriation, dilution or other unauthorized use or violation thereof. If we fail to defend and protect our intellectual property rights adequately, our competitors and other third parties may gain access to our proprietary technology, information and know-how, reverse-engineer our software, and infringe upon or dilute the value of our brand, and our business may be harmed. In addition, obtaining, maintaining, defending, and enforcing our intellectual property rights might entail significant expense. Any patents, trademarks, copyrights, or other intellectual property rights that we have or may obtain may be challenged by others or invalidated through administrative process or litigation. Even if we continue to seek patent protection in the future, we may be unable to obtain further patent protection for our technology. In addition, any patents issued in the future may not provide us with competitive advantages, may be designed around by our competitors, or may be successfully challenged by third parties. Furthermore, legal standards relating to the validity, enforceability and scope of protection of intellectual property rights are uncertain. We may be unable to prevent third parties from acquiring domain names or trademarks that are similar to, infringe upon, dilute, or diminish the value of our trademarks and other proprietary rights. Additionally, our trademarks may be opposed, otherwise challenged or declared invalid, unenforceable or generic, or determined to be infringing on or dilutive of other marks. We may not be able to protect our rights in these trademarks, which we need in order to build name recognition with customers. If third parties succeed in registering or developing common law rights in such trademarks and we are not successful in challenging such third-party rights, or if our trademark rights are successfully challenged, we may not be able to use our trademarks to commercialize our products in certain relevant jurisdictions. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create offerings that compete with ours. Effective patent, trademark, copyright, and trade secret protection may not be available to us in every country in which our products are available. The laws of some countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. As we continue to expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information will likely increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon, diluting, misappropriating or otherwise violating our intellectual property rights. We have devoted substantial resources to the development of our technology, business operations and business plans. We attempt to protect our intellectual property and proprietary information, including trade secrets, by implementing administrative, technical, and physical practices, including source code access controls, to secure our proprietary information. We also seek to enter into confidentiality, non-compete, proprietary, and inventions assignment agreements with our employees, consultants, and contractors, and enter into confidentiality agreements with other parties, such as licensees and customers. However, such agreements may not be self-executing, and there can be no guarantee that all applicable parties have executed such agreements or will adhere thereto. No assurance can be given that these practices or agreements will be effective in controlling access to and distribution of our proprietary information, or in providing adequate remedies in the event of unauthorized access or distribution, especially in certain states and countries that are less willing to enforce such agreements or otherwise provide protection for trade secrets. Further, these agreements may not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products, and in such cases we would not be able to assert trade secret rights against such parties. We also employ individuals who were previously employed at other companies in our field, and our efforts to ensure that such individuals do not use the proprietary information or know-how of others in their work for us may not prevent others from claiming that we or our employees or independent contractors have used or disclosed intellectual property, including trade secrets or other proprietary information, of a former employer or other third parties. Litigation may be necessary to defend against any such claims. If we are unsuccessful in defending against any such claims, we may be liable for damages or prevented from using certain intellectual property, which in turn could materially adversely affect our business, financial condition, or results of operations; even if we are successful in defending against such claims, litigation could result in substantial costs and distract management and other employees. In order to protect our intellectual property and proprietary rights and to monitor for and take action against any infringement, misappropriation or other violations thereof, we may be required to spend significant resources. Litigation may be necessary to enforce and protect our trade secrets and other intellectual property and proprietary rights, which could be costly, time-consuming, and distracting to management, and could result in the impairment or loss of portions of our intellectual property. Further, our efforts to enforce our intellectual property and proprietary rights may be met with defenses, counterclaims, and countersuits attacking the ownership, scope, validity, and enforceability of such rights. Our inability to protect our proprietary technology or our brand against unauthorized copying or use, as well as any costly litigation or diversion of our management's attention and resources, could delay further sales or the implementation of our offerings or impair their functionality, delay introductions of new offerings, result in our substituting inferior or more costly technologies into our offerings, or injure our reputation. Any of the foregoing could materially and adversely affect our business, financial condition, results of operations and growth prospects.

We rely on computer systems, hardware, software, technology infrastructure and online sites and networks for both internal and external operations that are critical to our business,including our platform, products and solutions (collectively, "IT Systems"). We own and manage some of these IT Systems but also rely on third parties for a range of IT Systems and related products and services. Our IT Systems, and those of third parties providers we rely on, are inherently complex and, despite testing and quality control, have in the past and may in the future contain bugs, defects, security vulnerabilities, misconfigurations, errors, or other performance failures, especially when first introduced and when upgraded with additional new features and capabilities, or otherwise not perform as intended. Any such bug, defect, security vulnerability, misconfiguration, error, or other performance failure could cause damage to our reputation, loss of customers or revenue, remediation costs, order cancellations, service terminations, and lack of market acceptance of our offerings. As the use of our offerings among new and existing customers expands, particularly to more sensitive, secure, or mission critical uses, we may be subject to increased scrutiny, potential reputational risk, or potential liability should our offerings fail to perform as contemplated in such deployments. We have in the past and may in the future need to issue corrective releases of our software to fix these defects, errors, or performance failures, which could require us to allocate significant research and development and customer support resources to address these problems. Despite our efforts, such corrections may take longer to develop and release than we or our customers anticipate and expect. Any limitation of liability provision contained in an agreement with a customer, user, third-party vendor, service provider, or partner may not be enforceable, adequate or effective as a result of existing or future applicable law or judicial decisions and may not function to limit our liability arising from regulatory enforcement or other specific circumstances. The sale and support of our offerings entail the risk of liability claims, which could be substantial in light of the use of our offerings in enterprise-wide environments. Furthermore, our ability to include such limitation of liability provisions may be limited and such provisions, even if included, could include various exclusions. In addition, our insurance against any such liability may not be adequate to cover a potential claim, and may be subject to exclusions, or subject us to the risk that the insurer will deny coverage as to any future claim or exclude from our coverage such claims in policy renewals, increase our fees or deductibles or impose co-insurance requirements. Any such bugs, defects, security vulnerabilities, misconfigurations, errors, or other performance failures in IT Systems, including as a result of denial of claims by our insurer or the successful assertion of claims by others against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, results of operations and reputation.

Our platform, products and solutions are often operated in large-scale, complex information technology environments. Our customers require training and experience in the proper use of, and the benefits that can be derived from, our offerings in order to maximize their potential. If users of our offerings do not implement, use, or update them correctly or as intended, actual or perceived inadequate performance and/or security vulnerabilities may result. Because our customers rely on our software to manage a wide range of operations, the incorrect implementation or use of, or our customers' failure to update, our software, or our failure to train customers on how to use our software productively, may result in customer dissatisfaction and negative publicity, which may adversely affect our reputation and brand. Our failure to effectively provide training and implementation services to our customers could result in lost opportunities for follow-on sales to these customers and decrease subscriptions by new customers, which would adversely affect our business, financial condition, results of operations and growth prospects.

We receive, collect, store, process, transfer, share and otherwise use or host information about individuals and/or that constitutes "personal data," "personal information," "personally identifiable information," or similar terms under applicable data privacy laws (collectively, "Personal Information"), including data relating to users of our offerings, our employees and contractors, and other persons. We have legal and contractual obligations regarding the protection of confidentiality and appropriate use of certain data, including Personal Information and other sensitive information about individuals. We are subject to numerous federal, state, local, and international laws, directives, and regulations regarding privacy, data protection, and data security and the collection, storing, sharing, use, processing, transfer, disclosure, disposal, and protection of Personal Information and other data, the scope of which are changing, subject to differing interpretations, and may be inconsistent among jurisdictions or conflict with other legal and regulatory requirements. We are also subject to certain contractual obligations to customers and other third parties related to privacy, data protection and data security. The regulatory framework for privacy, data protection and data security worldwide is, and is likely to remain for the foreseeable future, uncertain, complex and lacking worldwide unified standards, and it is possible that these or other actual or alleged obligations may be interpreted and applied in a manner that we do not anticipate or that is inconsistent from one jurisdiction to another and may conflict with other legal obligations or our practices. Further, any significant change to applicable laws, regulations or industry practices regarding the collection, use, retention, hosting, security, processing, transfer or disclosure of Personal Information, or their interpretation, or any changes regarding the manner in which the consent of users or other data subjects for the collection, use, retention, security, processing, transfer or disclosure of such Personal Information must be obtained, could increase our costs and require us to modify our services and features, possibly in a material manner, which we may be unable to complete, and may limit our ability to receive, collect, store, host, process, transfer, and otherwise use user data or develop new services and features. Further, there has been a substantial increase in legislative activity and regulatory focus on data privacy and security in the United States and elsewhere, including in relation to cybersecurity incidents. In addition, some such requirements place restrictions on our ability to process Personal Information across our business or across country borders. In the United States, the FTC and many state attorneys general are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. Such standards require us to publish statements that describe how we handle Personal Information and choices individuals may have about the way we handle their Personal Information. If such information that we publish is considered untrue or inaccurate, we may be subject to government claims of unfair or deceptive trade practices, which could lead to significant liabilities and consequences. Moreover, according to the FTC, violating consumers' privacy rights or failing to take appropriate steps to keep consumers' Personal Information secure may constitute unfair acts or practices in or affecting commerce in violation of Section 5(a) of the Federal Trade Commission Act. State consumer protection laws provide similar causes of action for unfair or deceptive practices. Further, data privacy advocates and industry groups have regularly proposed and sometimes approved, and may propose and approve in the future, self-regulatory standards with which we must legally comply or that contractually apply to us. Our communications with our clients are subject to certain laws and regulations, including the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the "CAN-SPAM Act"), the Telephone Consumer Protection Act (the "TCPA"), and the Telemarketing Sales Rule and analogous state laws, that could expose us to significant damages awards, fines and other penalties that could materially impact our business. For example, the TCPA imposes various consumer consent requirements and other restrictions in connection with certain telemarketing activity and other communication with consumers by phone, fax or text message. The CAN-SPAM Act and the Telemarketing Sales Rule and analogous state laws also impose various restrictions on marketing conducted use of email, telephone, fax or text message. As laws and regulations, including FTC enforcement, rapidly evolve to govern the use of these communications and marketing platforms, the failure by us, our employees or third parties acting at our direction to abide by applicable laws and regulations could adversely impact our business, financial condition and results of operations or subject us to fines or other penalties. Various other U.S. federal privacy laws are relevant to our business, including the Family Educational Rights and Privacy Act ("FERPA") and the Children's Online Privacy Protection Act ("COPPA"), While we are not directly subject to FERPA or COPPA, our contracts with certain educational institution customers impose obligations on us related to FERPA and COPPA. Any actual or perceived failure to comply with these laws could result in a costly investigation or litigation resulting in potentially significant liability, injunctions and other consequences, loss of trust by our users, and a material and adverse impact on our reputation and business. In addition, many state legislatures have adopted legislation that regulates how businesses operate online, including measures relating to privacy, data security, and data breaches. For example, the CCPA, provides data privacy rights for California residents and imposes operational requirements on covered companies, such as obligations to provide disclosures to California residents and receive and respond to data privacy rights requests. An amendment to the CCPA created a state agency to oversee implementation and enforcement efforts, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses in an effort to comply. The CCPA marked the beginning of a trend toward more stringent data privacy legislation in the United States, which could also increase our potential liability and adversely affect our business, with "copycat" laws or other similar laws being passed or proposed in numerous states across the country. This legislation may add additional complexity, variation in requirements, restrictions, and potential legal risk, require additional investment in resources to compliance programs, could impact strategies and availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. In addition, some laws may require us to notify governmental authorities and/or affected individuals of data breaches involving certain personal information or other unauthorized or inadvertent access to or disclosure of such information. We may need to notify governmental authorities and affected individuals with respect to such incidents. For example, laws in all 50 U.S. states may require businesses to provide notice to consumers whose personal information has been disclosed as a result of a data breach. These laws are not consistent with each other, and compliance in the event of a widespread data breach may be difficult and costly. We also may be contractually required to notify consumers or other counterparties of a security incident, including a breach. Regardless of our contractual protections, any actual or perceived security incident or breach, or breach of our contractual obligations, could harm our reputation and brand, expose us to potential liability or require us to expend significant resources on data security and in responding to any such actual or perceived breach. In addition, in the EU and the UK, we are subject to the European Union General Data Protection Regulation (the "EU GDPR") and to the United Kingdom General Data Protection Regulation and UK Data Protection Act 2018 (collectively, the "UK GDPR") (the EU GDPR and UK GDPR together referred to as the "GDPR"). The GDPR imposes comprehensive data privacy compliance obligations in relation to our collection, use, sharing, disclosure and other processing of personal data relating to an identified or identifiable individual or "personal information" (or "personal data"), including a principle of accountability and the obligation to demonstrate compliance through policies, procedures, training and audit. Among other requirements, the GDPR regulates the transfer of personal information outside of the European Economic Area ("EEA") and the UK to third countries that have not been found to provide adequate protection for such personal information, including the United States. We are certified under the EU-US Data Privacy Framework ("DPF") and currently rely on the DPF and on the UK Extension to the DPF to transfer certain personal information from the EEA and the UK, accordingly, to the United States to the extent the transfer is made to a DPF certified entity. We also rely on the EU standard contractual clauses ("SCCs") and the UK Addendum to the SCCs, as relevant, to transfer personal information outside the EEA and the UK with respect to both intragroup and third party transfers. We expect the existing legal complexity and uncertainty regarding international personal information transfers to continue. In particular, we expect the European Commission approval of the DPF for data transfers to certified entities in the United States to be challenged and further interpreted and developed, and international transfers to the United States and to other jurisdictions more generally to continue to be subject to enhanced scrutiny by regulators. As the regulatory guidance and enforcement landscape in relation to data transfers continue to develop, we could suffer additional costs, complaints and/or regulatory investigations or fines; we may have to stop using certain tools and vendors, implement alternative data transfer mechanisms and/or take additional compliance and operational measures; and/or it could otherwise affect the manner in which we provide our services, and could adversely affect our business, operations and financial condition. Since we are subject to the supervision of relevant data protection authorities under both the EU GDPR and the UK GDPR, we could be fined under each of these regimes independently in respect of the same breach. Penalties for certain breaches are up to the greater of €20 million / GBP 17.5 million or 4% of global annual turnover for the preceding financial year for the most serious violations. The GDPR also provides for a right to compensation for material or non-material damage claimed by individuals. In addition to the foregoing, a breach of the GDPR could result in regulatory investigations, reputational damage, orders to cease or change our processing of our data, enforcement notices and/or assessment notices (for a compulsory audit). We are also subject to evolving EU and UK privacy laws on cookies, tracking technologies and e-marketing. Recent European court and regulator decisions are driving increased attention to cookies and tracking technologies. If the trend of increasing enforcement by regulators of the strict approach to opt-in consent for all but essential use cases, as seen in recent guidance and decisions continues, this could lead to additional costs, require systems changes, limit the effectiveness of our marketing and personalization activities, divert the attention of our technology personnel, adversely affect our margins, increase costs and subject us to additional liabilities. There can be no assurances that we will be successful in our efforts to comply with such laws; violations of such laws could result in regulatory investigations, fines, orders to cease or change our use of such technologies, as well as civil claims including class actions, and reputational damage.

Some of our operations in Israel may entitle us to certain tax benefits under the Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law. If we do not meet the requirements for maintaining these benefits, they may be reduced or cancelled and the relevant operations would be subject to Israeli corporate tax at the standard rate, which is set at 23% in 2021 and thereafter. In addition to being subject to the standard corporate tax rate, we could be required to refund any tax benefits that we have already received, plus interest and penalties thereon. Even if we continue to meet the relevant requirements, the tax benefits that our current "Preferred Enterprise" is entitled to may not be continued in the future at their current levels or at all. If these tax benefits were reduced or eliminated, the amount of taxes that we pay would likely increase, as all of our operations would consequently be subject to corporate tax at the standard rate, which could adversely affect our results of operations. Additionally, if we increase our activities outside of Israel, for example, by way of acquisitions, our increased activities may not be eligible for inclusion in Israeli tax benefits programs.

Our total revenue for the years ended December 31, 2024 and 2023 was $178.7 million and $175.2 million, respectively, representing an annual growth rate of 2%. You should not rely on the revenue growth of any prior period as an indication of our future performance. As we operate in new and rapidly changing markets, widespread adoption and use of our platform, products and solutions is critical to our future growth and success. We believe our revenue growth will depend on a number of factors, including, among other things, our ability to: - attract new customers and maintain our relationships with, and increase revenue from, our existing customers;- provide excellent customer and end user experiences;- maintain the security and reliability of our platform, products and solutions;- introduce and grow adoption of our offerings in new markets outside the United States;- hire, integrate, train and retain skilled personnel;- adequately expand our sales force and distribution channels;- continually enhance and improve our platform, products and solutions, including the features, integrations and capabilities we offer, and develop or otherwise introduce new products and solutions, and keep pace with the technological developments predominantly around AI-based technologies and use cases;- obtain, maintain, protect and enforce intellectual property protection for our platform and technologies;- expand into new technologies, industries and use cases;- expand and maintain our partner ecosystem;- comply with existing and new applicable laws and regulations, including those related to AI, data privacy and security;- price our offerings effectively and determine appropriate contract terms;- determine the most appropriate investments for our limited resources;- successfully compete against established companies and new market entrants;- increase awareness of our brand on a global basis; and - timely and efficiently adapt to changes in customer demand, trends, global and local macro and micro economic conditions, new technologies or offerings by our competitors or other market disruptions. If we are unable to accomplish any of these objectives, our revenue could be impaired or decline in future periods. Many factors may contribute to declines in our growth rate, including slower market penetration, increased competition, slowing demand for our offerings, a failure by us to capitalize on growth opportunities, the maturation of our business, failure to deliver under our commitments or to satisfy customer expectations, global or regional economic downturns, including as a result of the continuing geopolitical tensions and active armed conflicts, and failure to adapt to such downturns, among others. While market demand for our offerings was growing at a robust rate prior to the COVID-19 pandemic, we have since experienced a slowdown as the effects of the COVID-19 pandemic have weakened and as a result of the current volatile economic climate. As a result, it is difficult to evaluate our current business and future prospects and any of the risks highlighted herein or other adverse circumstances may increase the risk that we will not be successful. If our business, operations and financial results decline as a result of any of the factors described above, investors' perceptions of our business and the market price of our common stock could be adversely affected. In addition, our ability to forecast our future results of operations is subject to a number of uncertainties, including our ability to effectively plan for and model future growth. We have encountered in the past, and may encounter in the future, risks and uncertainties frequently experienced by growing companies in rapidly changing industries that may prevent us from achieving the objectives outlined above. If we fail to achieve the necessary level of efficiency in our organization, or if we are not able to accurately forecast future growth and other changes that might impact our business, such as changes in our existing customers' budgets, our business would be adversely affected. Moreover, if the assumptions that we use to plan our business, such as customer demand for our new AI-driven offerings or applicable growth and decline trends, are incorrect, or change in reaction to changes in our market, or if we are unable to maintain consistent revenue or revenue growth, the market price of our common stock could be volatile, and it may be difficult to achieve and maintain profitability.

We rely on our customers to secure the rights to redistribute content over the internet, and we do not screen the content that is distributed through our offerings. There is no assurance that our customers have licensed all rights necessary for distribution, including internet distribution. Other parties may claim certain rights in the content of our customers. In the event that our customers do not have the necessary distribution rights related to content, we may be required to cease distributing such content, or we may be subject to lawsuits and claims of damages for infringement of such rights. If these claims arise with frequency, the likelihood of our business being adversely affected would rise significantly. In some cases, we may have rights to indemnification or claims against our customers if they do not have appropriate distribution rights related to specific content items, however there is no assurance that we would be successful in any such claim. We do not screen the content that is distributed through our offerings. Content may be distributed through our platform that is illegal or unlawful under international, federal, state, or local laws or the laws of other countries. We may face lawsuits, claims or even criminal charges for such distribution, and we may be subject to civil, regulatory, or criminal sanctions and damages for such distribution. Any such claims or investigations could adversely affect our business, financial condition, and results of operations.

The nature of our activities and our global presence and operations expose us to global and local macro and micro effects, including the effects of global economic trends such as the current global economic volatility, rising inflation, rising interest rates, price increases, armed conflicts in various regions including the Middle East and Eastern Europe, political changes and their impact on the economic markets, decrease in our customers' spend or available budget that causes decline in demand, up-sales or subscription renewals, and other adverse effects that might have direct or indirect effects on our business and results of operations that are hard to predict, monitor or assess. Such developments have caused and may continue to cause uncertainties and high volatility with respect to our estimated or expected results of operations, may develop differently from our estimations and expectations, and could have an adverse effect on our business, results of operations and financial condition. In addition, the current economic climate has resulted in, among other things, longer sale cycles and increased price driven competition, including through initiation of bid processes, which has adversely affected our ability to retain our existing customers and our ability to generate renewals and up-sales. We expect these trends to continue in the near-term. If we are unable to retain our existing customer base or to obtain new customers at reasonable prices, our revenue could be eroded or might even decline, and as a result our business, financial condition, results of operations and prospects will be adversely affected.

Our platform, products and solutions address the needs of customers and end users around the world, and we see continued international expansion as a significant opportunity. For the years ended December 31, 2024, 2023 and 2022, we generated approximately 47%, 48% and 46% of our revenue, respectively, from customers outside the United States. Our customers, end users, employees and partners are located in a number of different jurisdictions worldwide, and we expect our operations to become more globally diversified. Our current international operations involve, and future initiatives will also involve, a variety of risks, including: - unexpected changes in practices, tariffs, export quotas, custom duties, trade disputes, tax laws and treaties, particularly due to economic tensions and trade negotiations or other trade restrictions;- potential changes in the foreign affairs and trade policies of the countries in which we operate or do business, including the imposition of significant increases in tariffs on goods imported into the United States and corresponding retaliatory actions by the countries with which the Unites States trades;- different labor regulations, especially in the European Union, where labor laws are generally more advantageous to employees as compared to the United States, including deemed hourly wage and overtime regulations in these locations;- exposure to many evolving stringent and potentially inconsistent laws and regulations relating to privacy, data protection, and information security, particularly in the European Union;- changes in a specific country's or region's political or economic conditions, including in connection with the Russian invasion of Ukraine, the armed conflict in the Middle East and Red Sea area involving Israel, Hamas, Hezbollah and the Houthi movement, and political or armed tension in other regions;- risks resulting from changes in currency exchange rates;- challenges inherent to efficiently managing an increased number of employees over large geographic distances, including the need to implement appropriate systems, policies, benefits and compliance programs;- difficulties in maintaining our corporate culture with a dispersed workforce;- risks relating to the implementation of exchange controls, including restrictions promulgated by the United States Department of the Treasury's Office of Foreign Assets Control ("OFAC"), the Bureau of Industry and Security (BIS) at the United States Department of Commerce, and other similar trade protection regulations and measures in the United States, EU, UK, or in other jurisdictions;- reduced ability to timely collect amounts owed to us by our customers in countries where our recourse may be more limited;- slower than anticipated availability and adoption of cloud infrastructures by international businesses, which would increase our on-premise deployments;- limitations on our ability to reinvest or transfer earnings from operations derived from one country to fund the capital needs of our operations in other countries;- limited or unfavorable-including greater difficulty in enforcing-intellectual property protection;- exposure to liabilities under anti-corruption and anti-money laundering laws, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, and similar applicable laws and regulations in other jurisdictions; and - risks resulting from a pandemic, epidemic, or outbreak of infectious disease, such as resurgence of COVID-19 or its variants, including uncertainty regarding what measures the U.S. or foreign governments will take in response. If we are unable to address these difficulties and challenges or other problems encountered in connection with our international operations and expansion, we might incur unanticipated liabilities or we might otherwise suffer harm to our business generally.

Components of our offerings include various types of software and services licensed from unaffiliated parties. If any of the software or services we license from others or functional equivalents thereof were either no longer available to us, updated or supported, or no longer offered on commercially reasonable terms, we would be required to either redesign the offerings that include such software or services to function with software or services available from other parties or develop these components ourselves, which we may not be able to do without incurring increased costs, experiencing delays in our product launches and the release of new offerings, or at all. Furthermore, we might be forced to temporarily limit the features available in our current or future products and solutions. If we fail to maintain or renegotiate any of these software or service licenses, we could face significant delays and diversion of resources in attempting to license and integrate functional equivalents. We and our customers may also be subject to suits by parties claiming infringement, misappropriation or other violation of third-party intellectual property or proprietary rights due to the reliance by our solutions on such third-party software and services, such third-party software and services may contain bugs or other errors that cause our own offerings to malfunction, and our agreements with such third parties may not contain any, or adequate, warranties, indemnities or other protective provisions on our behalf. Any of the foregoing could materially and adversely affect our business, financial condition, and results of operations.